Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/Tfr-7D7j2lNNHKqg1wf4wAWyKLs.roa
File:                     Tfr-7D7j2lNNHKqg1wf4wAWyKLs.roa (raw, json)
Hash identifier:          TDIng4XMMUv1oCQo74mZWI08OWTpEbwfzmj+Yz7Mcjs=
Subject key identifier:   4D:FA:FE:EC:3E:E3:DA:53:4D:1C:AA:A0:D7:07:F8:C0:05:B2:28:BB
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       019427B553C138A9085F656C6BA3A0176BB3
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/Tfr-7D7j2lNNHKqg1wf4wAWyKLs.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64396
IP address blocks:        46.229.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:53:c1:38:a9:08:5f:65:6c:6b:a3:a0:17:6b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4dfafeec3ee3da534d1caaa0d707f8c005b228bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f9:94:04:d0:ab:c1:d1:6b:17:f6:a2:5b:8d:
                    11:3c:90:9e:54:fb:95:ee:20:23:40:53:9a:72:99:
                    bb:dc:1f:f8:a3:45:a9:6c:2a:8a:0c:9a:06:bc:49:
                    e3:2e:ac:5a:b1:ae:2a:9b:21:64:e0:8a:71:a0:bc:
                    78:d6:6d:49:e4:85:b2:75:8e:33:74:23:a7:46:e4:
                    d7:97:6b:e8:96:70:46:f0:7e:11:fc:e5:db:90:6f:
                    2a:b4:44:fc:5b:d7:62:5b:d8:0e:d9:71:af:7a:e8:
                    e2:9d:44:cf:27:99:0b:86:dc:99:85:53:41:ec:25:
                    63:b3:6a:e2:4a:75:0a:58:52:17:42:48:6d:db:42:
                    fc:03:58:dc:5f:97:df:19:1f:78:e2:e6:92:e1:cd:
                    26:62:6c:71:3e:fc:b4:86:19:9b:56:2b:6f:0f:d8:
                    31:8f:71:a3:a9:08:08:37:51:a3:1d:d0:b5:fb:98:
                    cd:e2:48:46:d7:64:33:6a:e1:15:31:0d:42:2d:a9:
                    b5:23:d3:0e:6d:83:c7:40:71:f5:eb:e0:25:93:b7:
                    a2:49:d0:8b:a3:76:de:3c:3b:0b:1a:01:06:7b:54:
                    fd:8e:cd:3c:d7:dc:6b:2a:7e:37:c2:6d:64:40:5f:
                    3e:42:f9:ee:3f:82:87:d6:ab:83:45:38:eb:17:ba:
                    1d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:FA:FE:EC:3E:E3:DA:53:4D:1C:AA:A0:D7:07:F8:C0:05:B2:28:BB
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/Tfr-7D7j2lNNHKqg1wf4wAWyKLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:4b:c2:5e:b4:99:e5:3b:a0:90:4d:7b:53:f6:f2:2d:2c:7a:
         bd:9a:8e:68:b2:a2:66:7d:23:a8:c7:52:72:a5:da:d8:4d:8e:
         3c:b4:54:4b:05:10:be:8c:dd:e6:71:b0:8e:d5:04:a9:2b:05:
         92:17:83:92:98:2b:cd:76:f7:66:e4:b1:5c:5b:92:75:f7:40:
         63:b5:d0:e9:9a:ff:9e:b1:1b:a0:ac:c8:61:b9:07:f5:38:b5:
         bf:52:c9:33:57:43:5d:67:ea:3d:4a:bc:55:12:e2:1c:3f:df:
         91:3e:05:89:07:15:69:a1:bc:61:01:27:c3:09:37:b8:79:2a:
         e6:f7:16:c1:dc:30:e4:2d:1f:62:2a:e3:1b:f6:47:5c:7a:e6:
         cc:6c:b1:4b:47:21:5c:2a:fd:d7:49:f1:d0:b7:a4:2f:82:34:
         12:21:9f:f2:29:de:36:4e:a8:63:50:0d:33:89:9f:3e:e8:f4:
         b5:0c:01:a3:6a:5e:4c:a5:72:12:ae:43:cb:16:f0:17:a6:0f:
         2e:cf:06:81:79:0a:74:b4:91:4b:6f:8d:24:d2:7c:1b:37:f9:
         a0:90:b9:c1:2c:32:43:5f:fb:b4:94:54:11:a1:e2:f3:86:ff:
         f0:cf:67:d1:85:b2:3f:81:d6:3e:fc:6b:ce:c2:c2:9c:d8:e3:
         70:29:28:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVPBOKkIX2Vsa6OgF2uzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZhZmVlYzNlZTNkYTUzNGQxY2FhYTBkNzA3ZjhjMDA1YjIyOGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/mUBNCrwdFrF/aiW40RPJCeVPuV
7iAjQFOacpm73B/4o0WpbCqKDJoGvEnjLqxasa4qmyFk4IpxoLx41m1J5IWydY4z
dCOnRuTXl2volnBG8H4R/OXbkG8qtET8W9diW9gO2XGveujinUTPJ5kLhtyZhVNB
7CVjs2riSnUKWFIXQkht20L8A1jcX5ffGR944uaS4c0mYmxxPvy0hhmbVitvD9gx
j3GjqQgIN1GjHdC1+5jN4khG12QzauEVMQ1CLam1I9MObYPHQHH16+Alk7eiSdCL
o3bePDsLGgEGe1T9js0819xrKn43wm1kQF8+QvnuP4KH1quDRTjrF7odxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE36/uw+49pTTRyqoNcH+MAFsii7MB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvVGZyLTdEN2oybE5OSEtxZzF3ZjR3QVd5S0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLuUIMA0G
CSqGSIb3DQEBCwUAA4IBAQBrS8JetJnlO6CQTXtT9vItLHq9mo5osqJmfSOox1Jy
pdrYTY48tFRLBRC+jN3mcbCO1QSpKwWSF4OSmCvNdvdm5LFcW5J190BjtdDpmv+e
sRugrMhhuQf1OLW/UskzV0NdZ+o9SrxVEuIcP9+RPgWJBxVpobxhASfDCTe4eSrm
9xbB3DDkLR9iKuMb9kdceubMbLFLRyFcKv3XSfHQt6QvgjQSIZ/yKd42TqhjUA0z
iZ8+6PS1DAGjal5MpXISrkPLFvAXpg8uzwaBeQp0tJFLb40k0nwbN/mgkLnBLDJD
X/u0lFQRoeLzhv/wz2fRhbI/gdY+/GvOwsKc2ONwKSgG
-----END CERTIFICATE-----